The entire internet has been buzzing about this new AI assistant OpenClaw, but is it really worth the hype? OpenClaw definitely delivers on the AI-powered future that I’ve wanted for a long time, but it comes with some negative side effects that you might not realize up front.

OpenClaw finally delivers on the AI assistant promise we've all been waiting for

An autonomous AI assistant that does things for you before you ask? Say no more

AI can be a fantastic tool when used in the right way. I use it quite often for various things, but there are still some things AI isn’t great for—automated, scheduled tasks are one of them.
I’ll admit, I dream of the day that I can have a “hired” AI assistant that works like a real person—proactively. Instead of me having to prompt it, the AI assistant just does things it knows I want it to do. I can give it direction, or tell it to stop, but it just accomplishes the tasks I set forth with it.
That’s what OpenClaw is—a personal assistant that works even when you’re not.

OpenClaw started as a side project and had side project security issues

The dev never intended for it to blow up…and it was programmed as expected

So, what is OpenClaw? If you’ve never heard of OpenClaw, then you’re not alone.
OpenClaw (formerly ClawdBot and then MoltBot) is an AI-powered assistant for your everyday life. Well, it wasn’t designed to be the assistant for life, but for its creator’s life. Peter Steinberger, known as steipete across the web, developed what was then ClawdBot for his own personal use.
It was simply a unique way to make AI work for him, and it worked well in that environment. Peter open sourced OpenClaw on GitHub, and it sat relatively unknown for months before it exploded overnight in popularity about two weeks ago. Everyone was talking about it, installing it on their systems, or buying dedicated computers to run it on.
OpenClaw was an overnight sensation. However, Peter never really considered this reality, and the AI assistant wasn’t built for it. There were open ports, bugs, security flaws, and more riddled throughout the program.
As a vibe coder myself, I get it. A tool built for personal use is going to have far less structure and security than one built for the masses. Personal tools require personal time, and once something is working, you kind of just let it go.
That’s what happened with OpenClaw. After it blew up, people started to realize just how big a security issue it was. In fact, OpenClaw drew the attention of major companies, like Cisco, who detailed just how big a “security nightmare” the bot was.
People on the r/cybersecurity subreddit are also documenting just how big of a problem OpenClaw is (and will continue to be). Sure, Peter (and I’m guessing a team now) are definitely working around the clock to fix OpenClaw, but it was such an overnight sensation that it’s almost impossible to fix this rapidly. Even today, OpenClaw is almost all I see on my social feeds as I’m scrolling.
Even non-techy people are starting to talk about it.

While a lot of security holes have been patched, there's a bigger issue with OpenClaw

The marketplace needs a of security improvements

One of the best (and worst) parts of OpenClaw is ClawHub, a repository of skills for OpenClaw to use. I love that this repository is open for all to view, submit to, and use.
However, that’s also its biggest downside. ClawHub has, as of February 2nd, over 300 malware-filled skills for people to download and use. These aren’t just some random skills you might never come across—the #1 downloaded skill on ClawHub was filled with malware.
Cisco is right in that this is truly a security nightmare. While the OpenClaw team can patch OpenClaw itself from its security issues, fixing the marketplace is going to take a lot more than just a few lines of code. It’s already chock full of malware, and who knows how long that will take to fix.
Yesterday, February 5th, OpenClaw partnered with VirusTotal for the skills on ClawHub—this will definitely help, but the damage has already been done to many people’s systems. I have run OpenClaw on two of my own systems—a virtual machine at my house, and on a remote VPS.
It’s a really cool tool that I to use and leverage, but I just couldn’t get it to do what I needed it to yet. Not without costing me an arm and a leg in tokens, anyway. Just setting it up cost me about $15 in tokens across Gemini, ChatGPT, and Claude.
OpenClaw is definitely a look into the future of AI-powered assistants though, and I am very excited for what the future holds. However, it’s also a lesson that not everything is as it seems. When I first found OpenClaw, I thought it was a solid project with funding (or at least a team) and blindly trusted it.
I’m glad I didn’t succumb to any issues (that I know of yet), but it goes to show that not everything is as it seems. The next time a particular AI helper blows up in popularity with everyone talking about it, I’m going to do some research before running it myself, and I suggest you do the same.